Cybercrime forensics lab cinches high-profile cases

The Silicon Valley Regional Computer Forensics Laboratory pulls together evidence necessary to make a case in court.

From the BALCO steroids scandal to last year's contaminated spinach case, the Silicon Valley Regional Computer Forensics Laboratory has been involved in nearly every high-profile investigation in the Bay Area.

"What we're doing is pulling it all together in a very formal environment that any crime laboratory operates under."
Chris Beeson, director, Silicon Valley Regional Computer Forensics Laboratory

The lab is one of 14 regional computer forensics laboratories across the country sponsored by the FBI and run jointly with local law enforcement agencies. It serves nearly 100 Bay Area law enforcement agencies, with 11 examiners conducting forensics on everything from computers and cell phones to PDAs and music players.

A majority of the cases the Silicon Valley RCFL handles involve child pornography, but it also works a high percentage of other cybercrimes, including theft of intellectual property, said Chris Beeson, lab director and FBI supervisory special agent. The lab also sees the occasional terrorism case.

Forensics help:
Looking for forensics help? Advice and best practices are a few clicks away.

High Technology Crime Investigation Association

The SANS Institute: Offers the GIAC Certified Forensics Analyst credential.

International Information Systems Forensics Association (IISFA): Offers the Certified Information Forensics Investigator certification.

The CERT forensics team: CERT is part of the Software Engineering Institute at Carnegie Mellon University.

International Society of Forensic Computer Examiners: A private Virginia company that offers the Certified Computer Examiner certification.

U.S. Department of Justice, Computer Crime and Intellectual Property Section: Provides guidelines on electronic evidence.

National Cyber-Forensics and Training Alliance: A public-private partnership that facilitates training, promotes security awareness and conducts forensic analysis.

The lab's findings are a turning point in nearly every case, Beeson said: "We provide the material that puts that case together. Sometimes it's icing on the cake but a lot of times it was material that was absolutely necessary to prove the case."

Last year it processed 34 terabytes of data; this year he expects it will examine more than 50. In June, SVRCFL had about 190 open cases involving "anything from a single floppy disk all the way up to 20 servers or more," he said. One case involves more than 150 servers.

Beeson, who has a degree in mechanical engineering, declines to disclose the tools the lab uses, but says they are widely available, commercial ones. Computer forensics is about matching exceptional personnel with quality tools and techniques, he said.

"We're not doing anything super magic here. What we're doing is pulling it all together in a very formal environment that any crime laboratory operates under," he said. "If you're a lab that handles ballistics or DNA, the forensics process is very formalized… We've tried to mirror ourselves like those types of traditional crime labs."

A lot of the work at the SVRCFL involves documentation and administrative steps to ensure that material is processed "in the absolute best way possible, yielding the best results," he said.

The diligence paid off. Earlier this year, the SVRCFL was accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board.
